Sophos is not naming the company due to the sensitivity of the security flaws, but claims that a malicious attack on the website is almost certainly the work of state-sponsored agencies, given the nature of the compromised target and its customers, combined with the sophistication of the attack.

Sophos was alerted to the security problem when a Sophos customer attempted to visit the affected website and received a warning message that a file on the site was infected by code that attempts to exploit a vulnerability in Microsoft XML Core Services. This could allow remote code execution – a vulnerability known as CVE-2012-1889 – which has been linked to recent warnings from Google about "state-sponsored attacks".

"One way that hackers break into large companies and organisations is to target their supply chain," said Graham Cluley, senior technology consultant at Sophos.

He added: "It's reasonable to speculate that whoever was behind this attack actually had bigger fish to fry – the type of businesses that regularly visit the websites of aeronautical suppliers, such as defence companies."

Rather than trying to hack a company that may have robust security practices and security teams, an attacker instead attacks a smaller supplier whose security procedures are less rigorous, and which is less likely to notice a security breach.

"Don't underestimate the seriousness of this vulnerability," said Cluley. "It is being actively exploited in the wild, and there is currently no patch available for it. As a result, Sophos has raised its threat level rating to its highest level – 'critical'."

Some anti-virus software packages – including Sophos's – can provide protection. "The best solution of all would be to have a proper fix from Microsoft. And for now, at least, we're waiting to see when that's going to appear," said Cluley.
